RoboCyberWall Aims to Block Linux Server Hacks

RoboCyberWall Aims to Block Linux Server Hacks

RoboCyberWall on Tuesday launched its proprietary precision firewall solution bearing the same name. RoboCyberWall is designed to protect HTTP and HTTPS (SSL) ports on Linux-based Apache2 and NGINX Web servers.

The patent-pending firewall blocks all known exploits and zero-day attacks on Apache2 and NGINX Web servers, according to the developer. It is the only firewall designed from the ground up to protect the Linux Apache2 or NGINX Web server’s root directory, as well as the document root directory.

The product’s Modular Security paradigm for Linux server perimeters has been hacker tested for more than a year. It is far more secure than yesterday’s all-in-one firewalls, according to the company, which describes them as “Jack of All Trades, Master of None.”

“RoboCyberWall-protected servers, despite thousands of attempts by multiple hackers challenged to do otherwise, have never been successfully hacked,” said John R. Martinson Sr., CEO of RoboCyberWall.

Matter of Necessity

No firewalls currently are designed specifically to protect the Web server’s actual root directory. Hackers know this, so they attack via the Internet protocol address assigned to the Web server that is serving up packets for the domain name server via the HTTP protocol, explained Martinson. That allows hackers to breach the Web server’s root directory to gain access to the user’s data, which resides in the Web server’s DocumentRoot directory.

“Internet-borne threats such as ransomware and other malware are driving the need for organizations to rethink their existing security frameworks, such as firewalls and browser isolation,” Daniel Miller, director of product marketing at Ericom Software, told LinuxInsider.

The aggressive activities of well-organized and financed hackers means that businesses of every sort need to be vigilant or risk being crippled. That can be especially difficult for SMBs that do not have the financing or expertise available to mount sophisticated defensive efforts, said Charles King, principal analyst at Pund-IT.

“RoboCyberWall aims to address those organizations’ pain points and keep some of their most vulnerable targets safe from attacks and exploits,” he told LinuxInsider.

What It Does

In securing the non-application portion of the stack, RoboCyberWall provides pinpoint protection for Linux Apache2 or NGINX Web server HTTP and HTTPS ports. Typically, these are ports 80 and 443, which are two of the top three most-targeted ports for attack worldwide, based on Akamai’s State of the Internet report.

The attackers’ goal is to get access to the Web servers’ change log files so they can take over the Apache2 or NGINX Web server, noted Martinson, Hackers can use a known hack, a zero-day exploit or a brute force attempt.

A bad actor who has breached an Apache2 or NGINX Web server’s root directory gains complete access to the DocumentRoot directory where the actual data is located.

Product Comparison

RoboCyberWall differs from competing security tools for Linux servers, said Martinson, in five key areas:

It is easy to install, using very little processor overhead;

It is inexpensive, licensed at US$8.95 per month;

Its dynamic whitelist results in zero false positives;

It prevents exploits rather than cleaning up afterward; and

It results in no downtime or lost revenue.

“Older technology has to guess which packets are good or bad, making detection of zero-day attacks impossible,” Martinson said.

Generally, RoboCyberWall is a software-only solution, meaning that it is downloadable and designed to run on a host Linux-based Apache2 and NGINX Web server, said King.

“That makes it simpler and easier to deploy than packaged solutions, and far cheaper than dedicated firewall appliances,” he added.

RoboCyberWall consumes minimal processing and memory resources, and minimal whitelisting features. While the product may suffer from focusing on HTTP and HTTPS ports, those are the ones most often targeted by hackers, King pointed out.

“The solution’s minimal footprint requirements also mean that it can be effectively used on older systems repurposed for Web-serving needs. That’s a common practice among the cost-conscious SMBs that are the company’s primary market targets,” he explained.

Better Mousetrap

Linux-based DevSecOps shops that are building modern applications are another niche customer target. RoboCyberWall should fair well, as it is purpose-built for protecting Web applications. Most players in that space have a wide range of coverage and do not necessarily focus on Linux/Web applications, said George Gerchow, vice president of security and compliance at Sumo Logic.

“At Sumo Logic, we do not run Windows at all, and so for us and for other organizations running similar environments, RoboCyberWall would complement what we are already doing,” he told LinuxInsider.

There is a major need for what RoboCyberWall offers in today’s market. The entire InfoSec community should be moving to host-based security solutions that scale and use intelligent automation to prevent attacks, he said, instead of traditional inline solutions that do not scale and have a hard time detecting new malware and bad packets.